0
Upcoming SlideShare
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Standard text messaging rates apply

# The rsa algorithm JooSeok Song

180

Published on

The rsa algorithm JooSeok Song

The rsa algorithm JooSeok Song

Published in: Technology, Education
0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

• Be the first to like this

Views
Total Views
180
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
12
0
Likes
0
Embeds 0
No embeds

No notes for slide

### Transcript

• 1. The RSA Algorithm JooSeok Song 2007. 11. 13. Tue
• 2. Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed communications are compromised  also is symmetric, parties are equal  hence does not protect sender from receiver forging a message & claiming is sent by sender CCLAB
• 3. Public-Key Cryptography  probably most significant advance in the 3000 year history of cryptography  uses two keys – a public & a private key  asymmetric since parties are not equal  uses clever application of number theoretic concepts to function  complements rather than replaces private key crypto CCLAB
• 4. Public-Key Cryptography  public-key/two-key/asymmetric cryptography involves the use of two keys: – a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures – a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures  is asymmetric because – those who encrypt messages or verify signatures cannot decrypt messages or create signatures CCLAB
• 5. Public-Key Cryptography CCLAB
• 6. Why Public-Key Cryptography?  developed to address two key issues: – key distribution – how to have secure communications in general without having to trust a KDC with your key – digital signatures – how to verify a message comes intact from the claimed sender  public invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976 – known earlier in classified community CCLAB
• 7. Public-Key Characteristics  Public-Key algorithms rely on two keys with the characteristics that it is: – computationally infeasible to find decryption key knowing only algorithm & encryption key – computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known – either of the two related keys can be used for encryption, with the other used for decryption (in some schemes) CCLAB
• 8. Public-Key Cryptosystems CCLAB
• 9. Public-Key Applications  can classify uses into 3 categories: – encryption/decryption (provide secrecy) – digital signatures (provide authentication) – key exchange (of session keys)  some algorithms are suitable for all uses, others are specific to one CCLAB
• 10. Security of Public Key Schemes  like private key schemes brute force exhaustive search attack is always theoretically possible  but keys used are too large (>512bits)  security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems  more generally the hard problem is known, its just made too hard to do in practise  requires the use of very large numbers  hence is slow compared to private key schemes CCLAB
• 11. RSA  by Rivest, Shamir & Adleman of MIT in 1977  best known & widely used public-key scheme  based on exponentiation in a finite (Galois) field over integers modulo a prime – nb. exponentiation takes O((log n)3) operations (easy)  uses large integers (eg. 1024 bits)  security due to cost of factoring large numbers – nb. factorization takes O(e log n log log n) operations (hard) CCLAB
• 12. RSA Key Setup  each user generates a public/private key pair by:  selecting two large primes at random - p, q  computing their system modulus N=p.q – note ø(N)=(p-1)(q-1)  selecting at random the encryption key e  where 1<e<ø(N), gcd(e,ø(N))=1  solve following equation to find decryption key d – e.d=1 mod ø(N) and 0≤d≤N  publish their public encryption key: KU={e,N}  keep secret private decryption key: KR={d,p,q} CCLAB
• 13. RSA Use  to encrypt a message M the sender: – obtains public key of recipient KU={e,N} – computes: C=Me mod N, where 0≤M<N  to decrypt the ciphertext C the owner: – uses their private key KR={d,p,q} – computes: M=Cd mod N  note that the message M must be smaller than the modulus N (block if needed) CCLAB
• 14. Prime Numbers  prime numbers only have divisors of 1 and self – they cannot be written as a product of other numbers – note: 1 is prime, but is generally not of interest  eg. 2,3,5,7 are prime, 4,6,8,9,10 are not  prime numbers are central to number theory  list of prime number less than 200 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 CCLAB
• 15. Prime Factorisation  to factor a number n is to write it as a product of other numbers: n=a × b × c  note that factoring a number is relatively hard compared to multiplying the factors together to generate the number  the prime factorisation of a number n is when its written as a product of primes – eg. 91=7×13 ; 3600=24×32×52 CCLAB
• 16. Relatively Prime Numbers & GCD  two numbers a, b are relatively prime if have no common divisors apart from 1 – eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor  conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers – eg. 300=21×31×52 18=21×32 hence GCD(18,300)=21×31×50=6 CCLAB
• 17. Fermat's Theorem  ap-1 mod p = 1 – where p is prime and gcd(a,p)=1  also known as Fermat’s Little Theorem  useful in public key and primality testing CCLAB
• 18. Euler Totient Function ø(n)  when doing arithmetic modulo n  complete set of residues is: 0..n-1  reduced set of residues is those numbers (residues) which are relatively prime to n – eg for n=10, – complete set of residues is {0,1,2,3,4,5,6,7,8,9} – reduced set of residues is {1,3,7,9}  number of elements in reduced set of residues is called the Euler Totient Function ø(n) CCLAB
• 19. Euler Totient Function ø(n)  to compute ø(n) need to count number of elements to be excluded  in general need prime factorization, but – for p (p prime) ø(p) = p-1 – for p.q (p,q prime) ø(p.q) = (p-1)(q-1)  eg. – ø(37) = 36 – ø(21) = (3–1)×(7–1) = 2×6 = 12 CCLAB
• 20. Euler's Theorem  a generalisation of Fermat's Theorem  aø(n)mod N = 1 – where gcd(a,N)=1  eg. – – – – CCLAB a=3;n=10; hence 34 = a=2;n=11; hence 210 = ø(10)=4; 81 = 1 mod 10 ø(11)=10; 1024 = 1 mod 11
• 21. Why RSA Works  because of Euler's Theorem:  aø(n)mod N = 1 – where gcd(a,N)=1  in RSA have: – – – – N=p.q ø(N)=(p-1)(q-1) carefully chosen e & d to be inverses mod ø(N) hence e.d=1+k.ø(N) for some k  hence : Cd = (Me)d = M1+k.ø(N) = M1.(Mø(N))q = M1.(1)q = M1 = M mod N CCLAB
• 22. RSA Example 1. 2. 3. 4. 5. Select primes: p=17 & q=11 Compute n = pq =17×11=187 Compute ø(n)=(p–1)(q-1)=16×10=160 Select e : gcd(e,160)=1; choose e=7 Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 10×160+1 6. Publish public key KU={7,187} 7. Keep secret private key KR={23,17,11} CCLAB
• 23. RSA Example cont  sample RSA encryption/decryption is:  given message M = 88 (nb. 88<187)  encryption: C = 887 mod 187 = 11  decryption: M = 1123 mod 187 = 88 CCLAB
• 24. Exponentiation can use the Square and Multiply Algorithm a fast, efficient algorithm for exponentiation concept is based on repeatedly squaring base and multiplying in the ones that are needed to compute the result  look at binary representation of exponent  only takes O(log2 n) multiples for number n     – eg. 75 = 74.71 = 3.7 = 10 mod 11 – eg. 3129 = 3128.31 = 5.3 = 4 mod 11 CCLAB
• 25. Exponentiation CCLAB
• 26. RSA Key Generation  users of RSA must: – determine two primes at random - p, q – select either e or d and compute the other  primes p,q must not be easily derived from modulus N=p.q – means must be sufficiently large – typically guess and use probabilistic test  exponents e, d are inverses, so use Inverse algorithm to compute the other CCLAB
• 27. RSA Security  three approaches to attacking RSA: – brute force key search (infeasible given size of numbers) – mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N) – timing attacks (on running of decryption) CCLAB
• 28. Factoring Problem  mathematical approach takes 3 forms: – factor N=p.q, hence find ø(N) and then d – determine ø(N) directly and find d – find d directly  currently believe all equivalent to factoring – have seen slow improvements over the years  as of Aug-99 best is 130 decimal digits (512) bit with GNFS – biggest improvement comes from improved algorithm  cf “Quadratic Sieve” to “Generalized Number Field Sieve” – barring dramatic breakthrough 1024+ bit RSA secure  ensure p, q of similar size and matching other constraints CCLAB
• 29. Timing Attacks  developed in mid-1990’s  exploit timing variations in operations – eg. multiplying by small vs large number – or IF's varying which instructions executed  infer operand size based on time taken  RSA exploits time taken in exponentiation  countermeasures – use constant exponentiation time – add random delays – blind values used in calculations CCLAB
• 30. Summary  have considered: – – – – – – – CCLAB prime numbers Fermat’s and Euler’s Theorems Primality Testing Chinese Remainder Theorem Discrete Logarithms principles of public-key cryptography RSA algorithm, implementation, security
• 31. Assignments 1. Perform encryption and decryption using RSA algorithm, as in Figure 1, for the following: a. p = 3; q = 11, e = 7; M = 5 b. p = 5; q = 11, e = 3; M = 9 Encryption Plaintext 88 887 mod 187 = 11 Decryption Ciphertext 11 1123 mod 187 = 88 KU = 7, 187 KR = 23, 187 Figure 1. Example of RSA Algorithm Plaintext 88 2. In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5, n = 35. What is the plaintext M? CCLAB 31